CVE-2024-20454

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...

Cisco Identity Services Engine Arbitrary File Upload (cisco-sa-ise-file-upload-krW2TxA9)

According to its self-reported version, Cisco Identity Services Engine Arbitrary File Upload is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to upload arbitrary files to an...

CVE-2024-20296

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...

CVE-2024-20296

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...

Cisco Secure Email Gateway Server-Side Template Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

PT-2024-18642 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to upload arbitrary files to an affected device. The attacker...

CVE-2024-4999 Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection

A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller:...

CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20369

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

Cisco Integrated Management Controller Web-Based Management Interface Command Injection (cisco-sa-cimc-cmd-inj-bLuPcb)

According to its self-reported version, the Cisco Integrated Management Controller Web-Based Management Interface is affected by a command injection vulnerability. Due to insufficient user input validation, an authenticated, remote attacker with Administrator-level privileges could perform comman...

CVE-2024-20376

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVE-2023-20249

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

CVE-2023-20248

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

PT-2024-3106 · Cisco · Cisco Integrated Management Controller

Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller IMC affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC exists due to insufficient user input validation,...

Cisco Identity Services Engine Server-Side Request Forgery (cisco-sa-ise-ssrf-FtSTh5Oz)

According to its self-reported version, Cisco Identity Services Engine Server-Side Request Forgery is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side...

Cisco Unified Communications Manager IM & Presence XSS (cisco-sa-cucm-imps-xss-quWkd9yF)

According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the report host is affected by a coss-site scripting XSS vulnerability. The vulnerability exists in the web-based management interface due to improper validation of user-supplied input before...

CVE-2024-20368

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...

CVE-2024-20334

CVE-2024-20334 affects Cisco TelePresence Management Suite (TMS) web-based management interface. Vulnerability arises from insufficient input validation in the interface, enabling a low-privileged, remote attacker to perform cross-site scripting (XSS). A successful exploit could execute arbitrary...

CVE-2024-20334

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

CVE-2024-20368

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...